MANAGEMENT CHALLENGES
Accomplishing the mission “to stop and remedy unlawful employment discrimination,” at EEOC is difficult, given its inherent challenges and the demand for enforcement as well as education and outreach, and other vital EEOC activities. To make continued progress towards the mission, we believe EEOC needs to be successful in meeting these three challenges in 2016: strategic performance management, reduction of the private sector charge inventory, and data security: multi-factor authentication for network and system access.
STRATEGIC PERFORMANCE MANAGEMENT
The Equal Employment Opportunity Commission (EEOC) continues to make progress in implementing its 2012–2016 Strategic Plan; however, critical work remains. This year, the Agency had a mixed record of meeting its FY 2015 Strategic Plan performance targets (seven targets met, seven partially met). EEOC also made progress on other fronts, including adopting several plans. As part of its implementation of the Strategic Enforcement Plan (SEP), the EEOC approved, in late September 2015, a Research and Data Plan for FY 2016–2019. The plan outlines several highly useful activities, including compiling an inventory of EEOC data, improving survey collection, and tracking and reporting data. In addition, the plan identifies several long-term projects that could help the EEOC meet two of its three major objectives as cited in the Strategic Plan: combat employment discrimination through strategic law enforcement, and prevent employment discrimination through outreach and education.
As we noted in last year’s Management Challenges, the EEOC needs to successfully implement the Quality Control Plan (QCP), in a timely manner, to bring about more effective and efficient charge processing without sacrificing charge processing quality. The QCP applies to private and state and local government sectors. Work began on the QCP in FY 2013, with adoption scheduled for April 30, 2013.
The EEOC approved a QCP on September 30, 2015. The QCP states that it “is intended to assist the Commission’s field staff by providing an overview of effective investigative and conciliation practices.” While the recently adopted QCP is useful, the Strategic Plan states that “the Commission will develop appropriate criteria for measuring the quality of investigations and conciliations and develop a peer review assessment system that will be used to judge the quality of investigations and conciliations.” Therefore, we believe that in FY 2016, the EEOC needs to develop the peer review assessment system. The peer review assessment system, though not essential to quality reviews, would supplement the current review process, which examines individual private-sector charges of discrimination. A well-designed peer review process will help ensure high-quality charge processing for EEOC’s key customers, including those bringing discrimination charges (charging parties) and those responding to the charges (respondents).
We believe the EEOC can meet some performance management goals by adopting outcome-based performance measures, amending the Strategic Plan and incorporating such measures into the next Strategic Plan (the 2018–2022 plan). In September 2012, the Office of Inspector General (OIG) commissioned an evaluation of the Strategic Plan’s performance measures (Evaluation of EEOC’s Performance Measures, 2012-10-PMEV). In its March 2013 report, the OIG concluded, in part, that “the current measures do not cover the nation’s progress towards achieving the [EEOC’s] overarching goal: to reduce employment discrimination in the United States.” The report also concluded that these measures were not outcome-based.
In our view, the EEOC can greatly improve its performance management by adopting outcome-based measures, amending the current strategic plan and incorporating the new outcome-based measures into the 2018–2022 Strategic Plan (for each of the EEOC’s three strategic objectives). We note the current strategic plan includes interim adjustments, but that the adjustments do not include additional outcome-based measures. Also, progress toward reducing employment discrimination in the United States can be tracked. Developing and tracking such measures is not easy, but it is well worth the investment if it enables the EEOC to use its resources to maximum benefit in reducing employment discrimination.
Outreach and education are a vital Agency activity, as reflected in the Strategic Plan, which calls for education and outreach to play a large role in preventing employment discrimination. On September 30, 2015, Chair Jenny Yang approved the EEOC Agency-wide Communications and Outreach Plan (COP). This is the Agency’s first such plan and represents a significant step toward making the Agency more efficient and effective in its communications. The COP identifies the primary goals of communications and outreach at the EEOC and describes the tactics that will achieve the goals.
Timely and effective implementation of the COP will help the EEOC achieve greater efficiency and effectiveness in this critical activity. Implementation will take the Agency closer to concretely achieving two major outcome goals contained in the Strategic Plan: that members of the public understand and know how to exercise their right to employment free of discrimination, and that employers, unions, and employment agencies (covered entities) better address and resolve equal employment opportunity issues, thereby creating more inclusive workplaces. In addition, effective implementation would represent progress toward meeting the recommendations in the OIG’s May 8, 2015, report (Evaluation of EEOC’s Outreach and Education, 2014-03-OE). The recommendations are designed to make outreach and education more effective and efficient.
MANAGEMENT OF THE PRIVATE-SECTOR CHARGE INVENTORY
As it does each year, the EEOC faces a fundamental challenge in efficiently processing the pending inventory of private-sector discrimination charges while improving the quality of charge processing. Both current and trend data demonstrate the continuing wide scope of the challenge. After decreasing by an aggregate 18.6 percent in FY 2011–2012, the inventory increased by less than 1 percent in FY 2013, to 70,781. In FY 2014, it increased 6.9 percent, to 75,658. In FY 2015, inventory increased 1.4 percent, to 76,746 (Agency estimate).
Investigators are a primary resource in the Agency’s efforts to process discrimination claims. For FY 2015, the EEOC hired 90 investigators, resulting in a net increase of 16, a 1.9 percent increase. In FY 2014, the net increase was approximately 60. The EEOC’s Office of Field Programs reports that for 2016 it may not be able to increase the net number of investigators and could lose some, depending on the EEOC’s congressional appropriation. As we have previously noted, because of fluctuations in the number of charges received and the potential impact from losing experienced investigators, the increases in investigative staff will not automatically translate into reductions in the inventory.
Finally, as previously noted, the EEOC’s management needs to ensure high quality standards for charge processing (as discussed under “Strategic Performance Management” above) and maintain accurate information in the Information Management System.
DATA SECURITY: MULTIFACTOR AUTHENTICATION FOR NETWORK AND SYSTEM ACCESS
Due to continuous attacks on the U.S. Federal government information technology infrastructure, the Office of Management and Budget (OMB) has placed significant focus on the importance of cybersecurity (measures taken to protect a computer or computer system against unauthorized access or attack). Recently OMB called for a 30-day “Cyber Sprint,” mandating that each agency meet a set of five baseline requirements:
- Validation of scanning for indicators of compromise per United States–Computer Emergency Readiness Team (US-CERT) and notify of any found.
- Patch vulnerabilities
- Tighten policies for privileged users
- Accelerate multifactor authentication implementation.
- Identify high-value assets and make a risk-based assessment of cybersecurity and physical protection for these items.
Smaller Federal agencies (including the EEOC) were not required to participate in the Cyber Sprint but were encouraged to perform the specified baseline assessment requirements. The Office of Information Technology (OIT) conducted its Cyber Sprint assessment and reported that the Agency was in compliance with four of the five baseline requirements. The Agency faces a challenge in meeting one requirement, implementing multifactor authentication for network and system access to protect against the unauthorized access to sensitive information, including personally identifiable information (PII) maintained by the Agency.
As stated in OMB’s June 12, 2015 cybersecurity fact sheet, intruders can easily steal or guess usernames and passwords and use them to gain access to Federal networks, systems, and data. Requiring the use of a personal identity verification (PIV) card or an alternative form of multifactor authentication can significantly reduce the risk of adversaries penetrating Agency networks and systems.
According to OIT, the EEOC has not implemented multifactor authentication due to a lack of funding/resources. The OIG has reported the multifactor authentication issue as a finding in previous Federal Information Security Management Act independent evaluations. It is imperative that Agency senior management find the funding/resources for the implementation of multifactor authentication to access the EEOC networks and systems.